Microsoft to Make EMET Native to Windows 10

Microsoft is no longer interested in retiring its Enhanced Mitigation Experience Toolkit (EMET) but will instead make it native to Windows 10, the tech giant announced this week.

Initially released in 2009, EMET was designed to protect against certain zero-day software vulnerabilities at a time when there was a 3-4 years gap between Windows releases. The tool helped Microsoft disrupt common exploit kits and even features Windows 10 compatibility.

Seven years later, after it had already accelerated the release of new Windows iterations, Microsoft said EMET was no longer needed. The company initially announced plans to retire EMET on Jan. 27, 2017, but then pushed the end-of-life date back 18 months, to July 31, 2018, based on customer feedback.

In November 2016, as a reply to Microsoft’s claim that Windows 10 doesn’t need EMET to deliver great protection, CERT vulnerability analyst Will Dormann said in a blog that EMET includes additional protections that Windows 10 doesn’t.

Now, Rob Lefferts, Director of PM, Windows Enterprise and Security at ‎Microsoft, says that feedback from customers who “are clearly fans of threat protections offered through EMET the Enhanced Mitigation Experience Toolkit (EMET)” determined the company to make the tool native to Windows 10 in the form of Windows Defender Exploit Guard.

The Exploit Guard is meant to pack both EMET capabilities and new vulnerability mitigations, in an attempt to deliver new prevention capabilities and make exploitation of vulnerabilities dramatically more difficult. The tool would also include a new class of intrusion prevention capabilities.

“Using intelligence from the Microsoft Intelligent Security Graph (ISG), Exploit Guard comes with a rich set of intrusion rules and policies to protect organziations from advanced threats, including zero day exploits. The inclusion of these built-in rules and policies addresses one of the key challenges with host intrusion prevention solutions which often takes significant expertise and development efforts to make effective,” Lefferts says.

WDAG should prevent attackers from compromising local machines or moving laterally into the network by isolating malware downloaded via the browser or zero-day exploits. “With more than 90% of attacks using a hyperlink to initiate stealing credentials, installing malware, or exploiting vulnerabilities,” the browser emerges as the most common target for attackers, and Microsoft will focus on securing it.

Microsoft also plans on integrating Windows Defender Device Guard into Windows Defender ATP response capabilities, to ensure customers have better control over applications. Further, Windows 10 should deliver “a new level of security” to enterprises, along with new analytic capabilities, Microsoft says.